Security Article

Don't Get Phished:
Protect Yourself and Stop Identity Theft


Phishing (pronounced “fishing”) is a form of fraud, in which an attacker tries to learn private information (such as login credentials) by masquerading as a reputable entity or person (usually via email).

CLICK HERE TO DOWNLOAD OUR SECURITY ARTICLE ON HOW TO SPOT A PHISHING ATTEMPT


Phishing scams are among the most prevalent forms of cybercrime. Although phishing is widespread, it is beatable; The best way to combat scams is to learn what phishing looks like and how to protect yourself.

  1. Never use links in an email to connect to a website unless you are absolutely sure they are authentic. Instead, open a new browser window and type the URL directly into the address bar. Pictured below, you’ll an example of an actual phishing email UM employees have received. In the screenshot, it appears that "Sebastian the Ibis" sent the email from an authentic UM email address (sebastian@miami.edu), but when you hover the mouse over the embedded link, it is clear that the link is fraudulent.



  2. Often a phishing website will look identical to the original - look at the address bar to make sure you are accessing the correct website. Criminals have access to tools that replicate legitimate company sites. For example, the UM Single Sign-On webpage was replicated in a phishing scam. Take a look at the phishing attack URL in the address bar below (the real UM Single Sign-On page will display as https://caneid.miami.edu/ or https://caneidhelp.miami.edu/caneid/):

  3. Be wary of emails, phone calls, and/or text messages asking for confidential information - especially information of a financial nature. The University of Miami will never request sensitive information via email, and most banks in the US will tell you that they won't ask for your information unless you're the one contacting them. Pictured below, you'll see an example of a phishing attempt via text message. In the screenshot, it appears that "WellsFargo" sent a text message regarding an account error; however, when you review the link you'll see that it is not from the bank's official website, so it is clear that the link is fraudulent.



  4. Don't get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request.

  5. Watch out for generic-looking requests for information. Fraudulent emails are often not personalized, while authentic emails from your bank often reference an account you have with them. Many phishing emails begin with "Dear Sir/Madam," and some come from a bank with which you don't even have an account.

  6. Never open email attachments or submit confidential information via forms embedded within suspicious email messages. Senders are often able to track all information entered.

Phishing is an ongoing challenge for the University of Miami and many other institutions and businesses around the world. For this reason, UMIT Security is offering supplemental training in ULearn. To access the training, visit http://ulearn.miami.edu and enter Phishing - Don’t Get Hooked into the search bar, located on the top right-hand corner of the page. Select the course and register.

To learn more about phishing and learn how keep your identity safe, please download UMIT's Phishing 101: How to Spot a Phishing Attempt and Phishing 101: Tips to Protect Yourself documents. If you suspect you may be a victim of phishing, or would like help setting up Multi-Factor Authentication, please contact the UMIT Service Desk at: (305) 284-6565 or help@miami.edu.

Thank you.


Resources